diff --git a/src/CredentialsWrapper.php b/src/CredentialsWrapper.php index f0cd3e8be..9ffef8435 100644 --- a/src/CredentialsWrapper.php +++ b/src/CredentialsWrapper.php @@ -42,6 +42,7 @@ use Google\Auth\FetchAuthTokenInterface; use Google\Auth\GetQuotaProjectInterface; use Google\Auth\GetUniverseDomainInterface; +use Google\Auth\Credentials\GCECredentials; use Google\Auth\HttpHandler\Guzzle6HttpHandler; use Google\Auth\HttpHandler\Guzzle7HttpHandler; use Google\Auth\HttpHandler\HttpHandlerFactory; @@ -273,7 +274,7 @@ public function getAuthorizationHeaderCallback($audience = null) */ public function checkUniverseDomain() { - if (false === $this->hasCheckedUniverse) { + if (false === $this->hasCheckedUniverse && $this->shouldCheckUniverseDomain()) { $credentialsUniverse = $this->credentialsFetcher instanceof GetUniverseDomainInterface ? $this->credentialsFetcher->getUniverseDomain() : GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN; @@ -288,6 +289,24 @@ public function checkUniverseDomain() } } + /** + * Skip universe domain check for Metadata server (e.g. GCE) credentials. + * + * @return bool + */ + private function shouldCheckUniverseDomain(): bool + { + $fetcher = $this->credentialsFetcher instanceof FetchAuthTokenCache + ? $this->credentialsFetcher->getFetcher() + : $this->credentialsFetcher; + + if ($fetcher instanceof GCECredentials) { + return false; + } + + return true; + } + /** * @param array $scopes * @param callable $authHttpHandler diff --git a/tests/Tests/Unit/CredentialsWrapperTest.php b/tests/Tests/Unit/CredentialsWrapperTest.php index 2797841c2..444ba7543 100644 --- a/tests/Tests/Unit/CredentialsWrapperTest.php +++ b/tests/Tests/Unit/CredentialsWrapperTest.php @@ -303,6 +303,19 @@ public function provideCheckUniverseDomainPasses() ]; } + public function testCheckUniverseDomainOnGceCredentialsDoesNotCheck() + { + $fetcher = $this->prophesize(GCECredentials::class); + $fetcher->getUniverseDomain()->shouldNotBeCalled(); + $credentialsWrapper = new CredentialsWrapper( + $fetcher->reveal(), + null, + 'some-random-universe-domain' + ); + + $credentialsWrapper->checkUniverseDomain(); + } + /** * @dataProvider getBearerStringData */